Add role based scope validation config enabled check.

wso2-extensions · Dec 14, 2023 · b2c7030 · b2c7030
1 parent 6141f61
commit b2c7030
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/.../src/main/java/org/wso2/carbon/identity/oauth2/validators/scope/RoleBasedScopeIssuer.java b/.../src/main/java/org/wso2/carbon/identity/oauth2/validators/scope/RoleBasedScopeIssuer.java
@@ -102,11 +102,16 @@ public class RoleBasedScopeIssuer extends AbstractRoleBasedScopeIssuer implement
     private static final String ISSUER_PREFIX = "default";
     OAuthServerConfiguration oAuthServerConfiguration = OAuthServerConfiguration.getInstance();
     private static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
+    private static final String ROLE_BASE_SCOPE_VALIDATION_ENABLED =
+            "GlobalScopeValidators.RoleBasedScopeIssuer.Enable";
 
     @Override
     public boolean validateScope(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws
             IdentityOAuth2Exception {
 
+        if (!Boolean.parseBoolean(IdentityUtil.getProperty(ROLE_BASE_SCOPE_VALIDATION_ENABLED))) {
+            return true;
+        }
         List<String> authScopes = getScopes(oAuthAuthzReqMessageContext);
         oAuthAuthzReqMessageContext.setApprovedScope(authScopes.toArray(new String[0]));
         return true;
@@ -116,6 +121,9 @@ public boolean validateScope(OAuthAuthzReqMessageContext oAuthAuthzReqMessageCon
     public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws
             IdentityOAuth2Exception {
 
+        if (!Boolean.parseBoolean(IdentityUtil.getProperty(ROLE_BASE_SCOPE_VALIDATION_ENABLED))) {
+            return true;
+        }
         String grantType = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
         boolean isRefreshRequest = OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(grantType);
         boolean isFederatedUser = oAuthTokenReqMessageContext.getAuthorizedUser().isFederatedUser();
@@ -131,6 +139,9 @@ public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageCon
     public boolean validateScope(OAuth2TokenValidationMessageContext oAuth2TokenValidationMessageContext) throws
             IdentityOAuth2Exception {
 
+        if (!Boolean.parseBoolean(IdentityUtil.getProperty(ROLE_BASE_SCOPE_VALIDATION_ENABLED))) {
+            return true;
+        }
         AccessTokenDO accessTokenDO = (AccessTokenDO) oAuth2TokenValidationMessageContext.getProperty(ACCESS_TOKEN_DO);
         if (accessTokenDO == null) {
             return false;